Endpoints

An endpoint authorizes a client to connect to Eclipse Amlen on one or all configured ethernet interfaces, and a specific port.

You create endpoints on a message hub. You must have at least one connection policy and one type of messaging policy - topic policy, queue policy, or subscription policy - associated with an endpoint in order for the system to work. If you do not have a connection policy, clients cannot connect. If you do not have at least one type of messaging policy, clients have no authority to perform an action. Connection policies and messaging policy types are specific to a message hub. However, you can associate the policies with more than one endpoint within the same message hub. You can associate more than one connection policy or messaging policy type with an endpoint.

When you plan the number of endpoints to create in your message hub, consider what you want to achieve. There is little performance cost in having a number of endpoints, but large numbers increase configuration and management complexity.

Multiple endpoints create separation. For example, you might want one relatively open endpoint with limited authorization, and one more secure endpoint with more power. Or you might have a user group that is made up of customers with the authority to publish large messages that are associated with one endpoint, and a user group authorized to publish smaller message sizes that are associated with another endpoint.

You can also associate specific security policies with an endpoint. You must have separate endpoints if you need any variation of the transport security, such as secure or non-secure transport. Or when you use different certificates.

Example of situations where you might want to create at least two endpoints on a message hub are:
  • In a DMZ. In this scenario, you might create an SSL/TLS enabled endpoint which is bound to the external-facing ethernet interface, and another endpoint that is bound to an internal-facing ethernet interface. Additionally, you might want to authorize only MQTT connections on the external-facing endpoint, and JMS connections only on the internal-facing endpoint.
  • In a scenario where you have distinct applications, or applications with different policies. Multiple endpoints can be used to organize policies, and might reduce management complexity. In this situation, you might also want to consider creating multiple message hubs.

When you create endpoints, consider your monitoring requirements. All connection and messages can be monitored for a specific endpoint. For example, you might want to set up endpoints to monitor transactions for a specific application, or for internal or external traffic.